Step 2 - Configure a 'System Access' Rule for Hosts in the Network to Connect to the Firewall
System access rules let you control access to the firewall from hosts in internal and external networks.
- Pre-configured rules allow hosts in different zones to access basic services like DNS (port 53), the firewall admin interface (port 10443) and DHCP (port 67).
- You can view the pre-configured rules by clicking 'Firewall' > 'System Access' > 'Show rules of system'. Pre-configured rules can be viewed but not edited.
- Whenever a new service is enabled in the virtual appliance, rules are auto-created to provide the service to hosts in the required network zones.
You need to create a system access rule to ensure that hosts in the network zones can initially access firewall services. You can edit the rule at any time to restrict access from specific hosts and services.
To add a system access rule to allow traffic from all network zones
- Click 'Firewall' on the left and select 'System Access'
- Click the 'Add a New System Access Rule' link in the 'Current Rules' pane
- Enter the parameters for the new rule as shown below:
  - Incoming Interface - Select 'Any' to allow access from hosts in all network zones connected to the firewall.
  - Source Address - Leave the field blank.
  - Service/Port - Select the type of service hosted by the source, the protocol and the port used by the service.
    - Service - Choose 'Any' to allow traffic pertaining to all services.
    - Protocol - Choose 'Any' from the drop-down.
    - Destination port - Leave the field blank.
  - Policy - Choose 'Allow' to pass packets from all sources to their destination port.
  - Enabled - Leave enabled to activate the rule after saving.
  - Remark - Enter a short description of the rule.
  - Position - Set the priority for the rule to 'First' in the 'System Access' rules list. The rules in the iptables are processed in the order they appear on the list.
  - Log all accepted packets - Select if you want packets allowed by the rule to be logged. See View Logs for more details on configuring storage of logs and viewing the logs.
- Click 'Add Rule'. A confirmation dialog will appear.
- Click 'Apply'. The firewall will restart to apply the new rule.
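The 'Position' setting above says rules are processed in list order. The following added example (not the appliance's own code) is a first-match evaluator showing that an any/any 'Allow' rule at position 'First' shadows every later restriction, so tightening access means editing that rule itself. Zone names, addresses, the 'Deny' label and the fall-through default are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    remark: str
    policy: str                    # 'Allow' as on the page; 'Deny' is an assumed label
    interface: str = "Any"         # incoming interface (zone)
    source: Optional[str] = None   # CIDR; None = field left blank
    protocol: str = "Any"
    port: Optional[int] = None     # None = field left blank

    def matches(self, iface, src, proto, port):
        return (self.interface in ("Any", iface)
                and (self.source is None or ip_address(src) in ip_network(self.source))
                and self.protocol in ("Any", proto)
                and (self.port is None or self.port == port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        src_ok = self.source is None or (other.source is not None and
            ip_network(other.source).subnet_of(ip_network(self.source)))
        return (self.interface in ("Any", other.interface) and src_ok
                and self.protocol in ("Any", other.protocol)
                and (self.port is None or self.port == other.port))

def decide(rules, iface, src, proto, port, default="Deny"):
    """First matching rule wins; `default` is an assumed fall-through policy."""
    for r in rules:
        if r.matches(iface, src, proto, port):
            return r.policy, r.remark
    return default, "default"

def shadowed(rules):
    """(later, earlier) remark pairs where `later` can never be reached."""
    return [(later.remark, earlier.remark)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed rule lists; zone names and addresses are hypothetical.
RULES = [  # the any/any rule from this step at position 'First'
    Rule("initial access from all zones", "Allow"),
    Rule("block admin UI from uplink", "Deny", "UPLINK", None, "TCP", 10443),
]
TIGHTENED = [  # the same list after editing the rule down to named services
    Rule("admin UI from management subnet", "Allow", "Any", "192.168.10.0/24", "TCP", 10443),
    Rule("DNS from LAN", "Allow", "LAN", None, "UDP", 53),
]
```

Running `shadowed()` over an exported rule list after any change is a quick check that a restriction added below the initial rule is actually reachable.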